The Cybersecurity Act was adopted by the Members of the European Parliament (MEPs). This new EU Regulation gives ENISA, the European Union Agency for Cybersecurity, a permanent mandate and strengthens its role. The Act also establishes an EU framework for cybersecurity certification, boosting the cybersecurity of digital products and services in Europe.

A visual mentioning 'the EU Cybersecurity Act'

On Tuesday 12 March 2019, during the European Parliament Plenary in Strasbourg, MEPs adopted the European Cybersecurity Act with 586 votes to 44 and 36 abstentions. The Council now has to formally approve the Act resulting in this new EU Regulation entering into force 20 days after its publication in the Official Journal of the European Union.

In a nutshell, the Cybersecurity Act:

  • strengthens the ENISA by granting to the agency a permanent mandate, reinforcing its financial and human resources and overall enhancing its role in supporting EU to achieve a common and high level cybersecurity.
  • establishes the first EU-wide cybersecurity certification framework to ensure a common cybersecurity certification approach in the European internal market and ultimately improve cybersecurity in a broad range of digital products (e.g. Internet of Things) and services.

Legislative process

The European Commission proposed the Cybersecurity Act in September 2017 as part of a wide-ranging set of measures to deal with cyber-attacks and to build strong cybersecurity in the EU. Within the European Parliament, the Industry, Research and Energy Committee (ITRE) adopted its report on the proposal in July 2018. The European Parliament, the Council and the European Commission reached a political agreement on 10 December 2018, during the fifth trilogue meeting.